Amendments to the Specifi cation: 

Please replace the paragraph beginning on page 2, line 25 with the following amended 

For example, different suppliers of web browsers may incorporate root CA certificate 1 ; 
issued by many different sources. Bach of these sources may issue a certificate with differing 
expiration dates. Management of the root CA certificates by a trusted authority is typically not 
used. Accordingly, a problem arises when different versions of web browsers are used by 
different users For example, an older version of a web browser may have root CA certificates 
that expire .sooner than root ('A certificates that may be embedded in newer versions of web 
browsers. Accordingly, various certificate issuing entities may serve as different roof CA's and 
issue certificates having differing expiry periods. When a root CA certificate expires, all servers 
winch have web certificates that were issued by that CA will no longer be-tmsted-fey -trust any 
browser winch contains only the expired certificate for mat CA. 

Please replace the paragraph beginning on page 3, hnc 6 with the following amended paragraph: 
he a v -we; *5oacl web u\\L., taoe ss tvp^abv no v\a\ t- dace: 'Aw evp^rooi. of a web 
certificate prior to a request for a session with a web server. For example, web certificates that 
are pro-installed with web browsers from different issuers are typically nor continually checked 
by the web browser to insure that they have not expired. Typically, a user will only be informed 
of a problem when (he web browses- attempts to set. up a secure session with a web server. If the 
web certificate bus expired, the session is not granted. One proposed solution has been to require 
a user to manually update a web browser that has prestored web certificates that expire at later 
dates. Typically, web servers will detect old web browser versions through, for example, web 
Identification tags embedded in headers and identify a link (e.g.. URL) to the site that may 
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Plea.se replace (he paragraph beginning on page 3, line 27 with the following an Raided 

However, a problem arises with such techniques since, imer aha, a user typically is 
denial a secure session and is additionally required to manually obtain an t-pgrad^ update! 
version of a web (f server] Jbrowser. Accordingly, when, a user installs a new version of a web 
browser it is typically not possible for a web site to know that the web browser has the new root 
CA certificate without establishing an SSL connection or other suitable secure session that 
"Ci.si.uv the use e.'^a new ■ <>>•!<. Vec-iufLate. I lu^ problem cjlu bt. c^oic-me h\ .wring a cook!- 
to the user's browser. The next tune the user visits the site, the .server can cheek for the cookie. 
H the cookie •:x-st>-, the server knows that the user has installed the new root CA certificate. 
However, nthw sites thai also require the new root CA certificate cannot read that cookie. As 
s i v i ! v. t ' d I v,e mi f,, i o' > v a> v. » o- i? n < _ 
already installed the new root CA certificate. 

Please replace the paragraph beginning on page 5. line 10 with the following amended 
paragraph: 

For example in an embodiment applied to a system employing web eertin eases, the web 
browser contacts the web server, the web server, upon detecting an unsuitable version of the web 
browser, notifies the web browser to go obtain new embedded web certificates. Accordingly, the 
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ejxiaic has been complete and 25 tru^s -Lai the s\dh browse; iIk unexpired web etrtifieute 

Please replace the paragraph beginning on page 5, line 22 with the foil' .wing amended 
paragraph: 

'The systems and methods may be employed to update the software in different versions, 
provide unexpired root CA certificates, or provide any other suitable data. The system allow*; a 
user (hat has updated the root OA certdicaies to connect to a different sue after up-grae4fiji 
l. i jM?lir:S..>'^ : ^ ?s 5 ^ iC dilloreot site detects if the data has already been «p^««d~ui^ated..or a 
new CA. certificate downloaded to a web browser by detecting the univers al cookie iroin the 
software update controller. For example, a first time through, a user manuaHv inserts the new 
root CA certificate in the web browser. 'The next time ihe user accesses a she that is in the 
"-o^a.n, ! ^ ' >v e„V\v,,u t+w datk-jent <#rt¥- ^■ t ^.v----..--.uwt <s-p^hy -oot*>,., a wud^ 
cookie' of any sort: Ihe browser gets a cookie and a special message encoded in the URL, or 
inserted into the HTTP headers, from the software update controller. The web server detects the 
special message in the URL or the HTTP headers, not in the cookie, "the webserver -hen sets its 
own (.ooUe ;-t ideruiMcHois -it a uv.ei date 
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Please replace the paragraph beginning on page 6, line 5 with the following amended paragraph: 
FIG. 1 illustrates a system 100 for updating data that includes first processing entities 
102a- • n- ! On, n:eh device cenurtjng a web ho\v^';. s„e<md pn>ees.vr.e enutnw 

HWa-.i04n, st eh as web servers, and a third processing entity 106, such as a software update 
controller (e.g., another server). The third processing entity 106 is preferably in operative 
communication with only the first processing entities 102a-102n., Also in a preferred 
embodiment, Use plurality of second processing entities ;04a-i04n are in operative 
communication with the first processing entities 102a-102n but art; not in communication widi 
the third processing entity 106. For purposes of illustration and not limitation, the disclosed 
invention vs. -J' he described o, ith rcierenee to an In term t -based s\>ierrt dun unpiovs web 
certificates as the data to be updated. However, it will he recognized that the invention may he 
applicable to any suitable in formation security system such as wireless communication systems, 
intranet, based systems, any systems requiring updating of versions oi' software, or any « »ther 
suitable system. 

Please replace the paragraph beginning on page 8. line I with the following amended paragraph: 

if the connection request does not include the appropriate cookie (eookieswuc; for the 
software update controller 1 06, the software update controller 1 06 recognizes that this may he 
the first update request required by the first processing entity. Where the redirected connection 
request i 16 does not include the cookie of the destination processing entity, the third processing 
entity sends update instructions 118 to the first processing entity along with a request, for a 
confirmation of completion of an update. This may be done, for example, by .requesting the user 
to activate a GUI interface confirmation of update button. The update instructions, as shown in 
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block 216, may include, for example, instructions to be displayed for the user to select which 
version of the software to update to or which web certificates should be embedded in the web 
browser and whether the new version of the web browser, or other data lion- the third processing 
entity was received by the first processing entity. Accordingly, the third processing entity causes 
the first processing entity to display instructions for the user to follow so that the appropriate 
version of the software is updated or provided to the first processing entity. The user then selects 
the confirmation button to indicate that she version has been selected and an update has been. 
C'-iVspLted : 5 > up late e.-nonrati--n data 1 >0 \; tisen ven: ron "he ;o\t PK>cC\::mg cn:;'^ to :ne 
third processing entity in response to receiving the request for confirmation of the completion of 
an update. Trie update confirmation data 120 may include, for example, the URL of the third 
<■>< cv»,jv, en' '.-.*" <l ,^io. '. icadc writ the uiun ade":o> of 'he - :^K>;tJ p^vc^se*. en'.!" . 
and V;pftf-ad<3-- update complete data indicating that the upgrade-u p da te has been, completed, t he 
update instruction includes the new version of the software which -nay be communicated in any 
suitable form, such as encrypted using a public key encryption engine, symmetric key encryption 
engine or any other suitable encryption technique. 

Please replace the paragraph beginning on page 8. line 27 with the following amended 

As shown in block 218.. the third processing entity receives the update andlrn-ation data 
1 20 and parses the header to verify that the up^rad^- updatc is complete. More particularly, the 
third processing entity checks to detect that the update complete data is included in the update 
eonfii-nation data indicating that the first processing entity has properly received and suitably 
unacted-- update d its web certificates, software, or other data in accordance with the update 
instruction 1 IB. The third processing entity parses the header, for example, to see that the 
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«f^Fe^«gdgecompkite data and that the cookie associated with the software update controller 
for that particular update has been set m the first, processing entity The third processing entity 
therefore sets the cookie in the first processing, entity. The third processing entity then sends an 
update complete ami redirect command 122 back to the first processing entity, for detection by 
the second processing entity. This update complete data and redirect command 122 contains, tor 
example, a redirect command back to the second processing entity which may include, for 
example, the URL of the second processing entity along with data representing that the third 
processing entity cookie has been set in the first processor. As shown in block 220.. the first 
processor generates another connection request 124 to the second processor indicating that die 
software update is complete. For example, this includes the URL of the second processing 
emits-, and a header- with the data software cookie set equal "yes" as provided by the third 
processing entity. As shown m block 222, the second processing entity receives the connection 
eoees, N ~ p . >es ^e : o i<\ed o<"e J >rio»n at or 1 \ ^e , » \ u > k o * he he. k - 
depending on the type of CGI request - POST or GF.T) header to detect the cuokieswue set equal 
yes. and then sets the cookie of the second processing entity in the first processing entity through 
communication 1 26. The process continues as needed for other processing entities and other 
second processing entities, as desired. 

Please replace the para graph beginning on page 9, line 22 with the following amended 

As applied to a system requiring web certificates, the fust processing entity is a web- 
browser that is operative to request a connection with the web server 104a, The web server 104 a 
detects a need to update web certificate data based on the request for a connection iron- the web 



controller 106 has been provided to the web browser {[ 1 .04s]ji02a, The web browser 104a 
automatically redirects communication from the web browser 104a and the web server, to the 
web browser ar-d the web certificate update controller in response to detecting the need to update 
the web certificate. The web server, for example, sends the universal resource locator associated 
with the web certificate update controller, and other information, as desired, to automatically 
force the first processing, entity to communicate with the software update controller. The 
software update controller 106, may be a web certificate update controller that contains new 
versions of web browsers that contain web certificates having later expiry periods, for example. 
The web eon|hca*e update controller provides web certificate update complete data 122 for the 
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